From Security Weekly Wiki

(15 seconds of silence)

(Record the Welcome Intro)

(More silence)

FiT Stinger

Theme Music, Episode 34 for June 29, 2006

"Welcome to Security Weekly, Episode 34 for June 29, 2006"

From the PSW studios

Good day! This is Security Weekly; I am your host, Paul Asadoorian, with my friend Larry Pesce. Mr. Twitchy is not here.

How are you, Mr. Larry?

Hello to all of our live audience listeners via Skypecast!


This episode is sponsored by Syngress Publishing, read a book, learn to hack, and never have to pay for another coke again!

Listen to the question at the end of each show, then go to the Security Weekly blog and be the first to post the CORRECT answer to receive a free copy of any in-stock book on the Syngress web site!

There were no answers last week, so the question still stands! We will repeat the question at the end of the show!

This episode is also sponsored by Core Security Technologies.

Larry: Use Core Impact to test your IDS/IPS, to unleash unsavory men with bitey dogs! Thanks Bruce Schneier!

Listen to this podcast and qualify to receive a 10% discount on Core Impact, the world's best penetration testing tool.

We are also sponsored by the SANS Institute, where you can get schooled and like it! Get hands-on training in intrusion detection, forensics, hacking and exploiting, and drinking beer.... Listen for the discount code at the end of the show for 5% off SANSFIRE, July 5-11th in Washington DC. Almost every SANS track will be offered! And Twitchy will be there!


Announcement: Beer, in honor of Steve Gibson, who hasn't responded to our ports question. Larry even sat through the last mod 4 episode...

Announcement: Welcome back Paul, it hasn't been the same without you. Now get to work, will ya?

Announcement: iTunes comments!

On to listener feedback...

1 - 2 - Listener Feedback

Irvine writes in again: Larry (Since Paul is on his honeymoon),

Here's something interesting for you to do. Log into your Google Calendar and search public calendars for "Network Upgrade". You'll get dates and times, OS's, patch levels... everything a hacker needs to know to penetrate a network. Think of it - knowing the exact date and time that a new "unpatched" network will be coming online. - Scary.

Thoughts on USB drives lying in parking lot - I didn't hear any of you talk about TRAINING! A great idea would be to train your people about your POLICY and then test them by leaving some of your own USB drives lying around. I personally have my clients set up reward systems for alerting the network team during social engineering pen tests. If you don't let the employees know when you'll be testing them, you may find out when you're actually being social engineered!

Topic thoughts: Here are some thoughts on segments you might want to have during your podcast.

The anatomy of a pentest,

social engineering tip of the week,

phone system hacking tip of the week,

policy of the week (then cover a policy that should be in every organization)

protocol of the week (cover a protocol you'd catch on a network and why it's there (or shouldn't be there) - probably for newbie pen testers but valuable info anyway)

Enough for now...

Jon writes: <suckup> Love the show guys, it is great. I listen to it in my car on the way to work. Keep the casts coming! </suckup>

Silly question, I am sure, but I wanted to ask anyway. The Windows Firewall. I hear some say it sucks hardcore. I hear some say that it is serviceable, and I have heard a couple sing its praise. How is it really from an intrusion perspective? For a home machine, is it 'good enough'? Is it easy to get around? I know it is not very configurable, and that it cannot be made to do some of the things that I want, but... I work as a Network Admin for a State Government Agency, and I work as a tech at a little Mom&Pop Repair place (It is my way of keeping up with the things that are 'in the wild'). Most of the other techs tell the folks that come in that the Windows Firewall is good enough for home use. I am not so sure. I would suggest a Pix, but that is a bit over the top for a home user. I know Windows Firewall is better than nothing, but how good is it? Should we be recommending some other firewall solution for personal machines at home? I have used BlackIce, and a couple of others in the past.

Thanks for any info you can provide.

Stone writes:

First off great show! (Insanely Informative!)

I started listening about 2 weeks ago and I have almost caught up listening to all the old episodes. Anyway, I was listening to Episode 25's "Story time with Twitchy" and I couldn't stop laughing!!!!!

...about 2.5 years ago "I" errr my friend "Bob" was taking an "Intro to computers" class with his Girlfriend. "Bob" at the time had an MCSE and was working in IT for a big nameless corporation but needed the class as a pre-req for his major. He also wanted to get his Girlfriend more comfortable with using computers. Well, one day in the class/lab "Bob" got really bored after finishing a lab on the fine art of "saving files". BTW, the machines in the Lab were older Dells running WIN2K (so was the style at the time) and he decided to freak out his girlfriend by netsending odd messages to her lab computer. This was easy cause they had big labels on them that corresponded with the host name. "Bob" sent a few g-rated ones to her, you know like "hey your shoes are untied" and then at break "Bob's" Girlfriend wanted to know how he was creating the messages. "Bob" was obliged with an "each one teach one" attitude. A few weeks later in the same class "Bob's" girlfriend asked him a question and being a smart-ass he replied via net send. Well the very next time during a "Lab Quiz" "Bob" was working on said quiz and what do you know. His Girlfriend net sent him for help on finding a menu item in Excel. This was just the beginning and snow-balled to the point where "I" I mean "Bob" couldn't even focus on his own work and was spending half the time helping her. Weeks passed and it was now Finals. "Bob" had finished early and sat in front of his machine waiting for his Girlfriend to finish her final. So like any Geek he started poking around the lab machine just one more time and made his way to the "Event viewer" and to his surprise an ass-load of one-sided net send "conversations" were sitting there! (bleeeeeeep!!!) So luckily he was able to delete most of the entries, but what about his Girlfriend's machine, well he just moved over one seat when she turned in her printouts and deleted everything.
Of course the machines were not really that locked down they had "Windshield" I think and the premise was after each class the machines were to be restarted and all defaults were reset, except for the "Event Logs" of course.

Moral of the story: Cheating in a relationship is bad even if your Girlfriend approves of it.

-Stone from California

p.s. Like a good listener I have put a pin on the frapper map and I will purchase a Syngress book today when I leave work.

[Music] Story Time With Twitchy

Twitchy tells us a hacking story about something...


3 - 4 - News


Episode34 Show Notes


Syngress question of the week: Name the actor who starred in Shaolin Master Killer (aka. 36 Chambers of Shaolin, Masta Killa). What style of Kung Fu does he practice? Bonus: What are his Mandarin and Cantonese names?

Core discount code impactbsg

SANS discount code is <pauldotcom>.

Thank you for listening, psw@securityweekly.com, http://securityweekly.com Phone number Security Weekly Security Weekly, PO Box 860, Greenville RI, 02828